Association of Network Terminals to a Common Account
An arrangement is disclosed for providing an account identifier from a billing system to a controller that is disposed at the headend of a wide area network (“WAN”) that supports a media content distribution service. In illustrative examples, the WAN is a broadband network to which one or more terminal devices such as STBs are coupled. The billing generates a unique household handle (“HHH”), to identify a particular set of STBs that are associated with a subscriber to the service, which is transmitted to the controller. The controller uses the HHH to prepare a terminal association identifier (“TAI”) that is distributed to the associated STBs. An application programming interface (“API”) resident on each STB is arranged to accept input parameters from one or more applications that run on the STB. The input parameter is typically concatenated with the stored TAI and input to a hashing algorithm. The resultant hashed value is returned to an application and is usable as password to secure a local area network to which the STBs are coupled.
Latest GENERAL INSTRUMENT CORPORATION Patents:
This application claims the benefit of provisional application number 60/819,529 filed Jul. 7, 2006, the disclosure of which is incorporated by reference herein.
BACKGROUNDDigital video recorders (“DVRs”) have become increasingly popular for the flexibility and capabilities offered to users in selecting and then recording video content such as that provided by cable and satellite television service companies. DVRs are consumer electronics devices that record or save television shows, movies, music, and pictures, for example, (collectively “multimedia”) to a hard disk in digital format. Since being introduced in the late 1990s, DVRs have steadily developed additional features and capabilities, such as the ability to record high definition television (“HDTV”) programming. DVRs are sometimes referred to as personal video recorders (“PVRs”).
DVRs allow the “time shifting” feature (traditionally enabled by a video cassette recorder or “VCR” where programming is recorded for later viewing) to be performed more conveniently, and also allow for special recording capabilities such as pausing live TV, fast forward and fast backward, instant replay of interesting scenes, and skipping advertising and commercials.
DVRs were first marketed as standalone consumer electronic devices. Currently, many satellite and cable service providers are incorporating DVR functionality directly into their set-top-boxes (“STBs”). As consumers become more aware of the flexibility and features offered by DVRs, they tend to consume more multimedia content. Thus, service providers often view DVR uptake by their customers as being desirable to support the sale of profitable services such as video on demand (VOD) and pay-per-view (PPV) programming.
Once consumers begin using a DVR, the features and functionalities it provides are generally desired throughout the home. To meet this desire, networked DVR functionality has been developed which entails enabling a DVR to be accessed from multiple rooms in a home over a network. Such home networks often employ a single, large capacity DVR that is placed near the main television in the home. A series of smaller companion terminals, which are connected to other televisions, access the networked DVR over the typically existing coaxial cable in the home. These companion terminals enable users to see the DVR output, and to use the full range of DVR controls (pause, rewind and fast-forward among them) on the remotely located televisions. In some instances, it is possible, for example, to watch one recorded DVR movie in the office while somebody else is watching a different DVR movie in the family room.
The home network must be secured so that the content stream from the DVR is not unintendedly viewed should it leak back through the commonly shared outside coaxial cable plant to a neighboring home or adjacent subscriber in a multiple dwelling unit (“MDU”) such as an apartment building. In some implementations of home networking, a low pass filter is installed at the entry point of the cable to the home to provide radio frequency (“RF”) isolation. In other implementations, a personal identification number (“PIN”) is installed at each terminal in the home network that enables the media content from the DVR to be securely shared. Terminals that do not have the correct PIN are not able to access the network or share the stored content on the networked DVR.
While networked DVRs meet the needs of the market very well, the installation of the low pass filter or the provisioning of the necessary PIN to each terminal can be a potentially time consuming and expensive process for the service provider. Truck roll costs must be borne if an installer must go to the home to manually set the PIN or install the low pass filter. If self-installation of the PIN by the consumer is more preferable, resources must be expended to develop and then support a PIN installation interface that can be successfully utilized by the consumer. In instances where the terminal is pre-provisioned with the PIN, logistical, inventory, and supply issues can add to costs. For example, the service provider must either develop tools to set the PIN when the devices are offline at a warehouse or otherwise have personnel set the PIN manually. In addition, the service provider must develop and maintain facilities to manage and track PINs for additional terminals that are needed to accommodate growth of a consumer's home network.
An arrangement is disclosed for providing an account identifier from a billing system to a controller that is disposed at the headend of a wide area network (“WAN”) that supports a media content distribution service. In illustrative examples, the WAN is a broadband network which is selected from a cable network, telecommunications network or direct satellite broadcast (“DBS”) network to which one or more terminal devices such as STBs are coupled. The billing system generates a unique household handle (“HHH”) to identify a particular set of STBs that are associated with an account of a subscriber to the service. The HHH is transmitted to the controller which uses it to prepare a terminal association identifier (“TAI”) that is distributed to the set of associated STBs which, in turn, store the received TAI in nonvolatile memory. The TAI is optionally prepared by inputting the HHH received from the billing system into a hashing algorithm. The controller uses the unique HHH to generate the TAI which is in a data format and provided over a transport protocol that is usable by the set of associated STBs to which the controller has direct access over the media content distribution system.
An application programming interface (“API”), instantiated on each STB in the set of associated STBs, is arranged to accept input parameters from one or more applications that run on the STB. The input parameter is typically concatenated with the stored TAI and input to a hashing algorithm. The resultant hashed value is returned to the application.
In an illustrative example, one such STB application is arranged to generate a PIN from the returned hash value that is commonly utilized by each associated STB to form a secure local area network (“LAN”). That is, each of the associated STBs recreates the commonly utilized PIN using the API and the stored TAI. STBs seeking to access the LAN are authenticated with the common PIN. STBs which are not authenticated are denied access to the home LAN thus ensuring, for example, that content stored on a DVR in one STB is not unintendedly consumed by STBs that are not authorized to receive it.
Such arrangement provides a number of advantages. Associating STBs using the HHH and TAI enables the distribution of the commonly utilized PIN to be highly automated while simultaneously increasing the security robustness of the distribution system since each of associated STBs generates the commonly utilized PIN locally. Thus, costs associated with a truck roll service call and the support and maintenance costs attendant to self-installation by the subscriber or warehouse PIN provisioning are reduced or eliminated.
Turning now to
Several network sources are coupled to deliver broadband multimedia content to home 110 and are typically configured as WANs. A satellite network source, such as one used in conjunction with a DBS service is indicated by reference numeral 122. A cable plant 124 and a telecommunications network 126, for example, for implementing a digital subscriber line (“DSL”) service, are also coupled to home 110.
In the illustrative arrangement of
Headend 202 is coupled to receive programming content from sources 204, typically a plurality of sources, including an antenna tower and satellite dish as in this example. In various alternative applications, programming content is also received using microwave or other feeds including direct fiber links to programming content sources.
Network 200 uses a hybrid fiber/coaxial (“HFC”) cable plant that comprises fiber running among the headend 202 and hubs 212 and coaxial cable arranged as feeders and drops from the nodes 216 to homes 110. Each node 216 typically supports several hundred homes 110 using common coaxial cable infrastructure in a tree and branch configuration. As a result, as noted above, the potential exists for content stored on a networked DVR in one home on a node to be unintendedly viewed by another home on the node unless steps are taken to isolate the portions of the cable plant in each home that are utilized to implement the home multimedia network.
Apartments 312 each use respective portions of infrastructure 315 to implement a LAN comprising a home multimedia network. Since apartments 312 share common infrastructure 315, measures must be taken to isolate each home multimedia network in the MDU so that content stored, for example, on a networkable DVR in STB 318 in apartment 1, is not unintendedly viewed in apartment 2 in MDU 310.
From the cable drop 409, WAN 401 is coupled to individual terminals 4121 to 412N using a plurality of splitters, including 3:1 splitters 415 and 418 and a 2:1 splitter 421 and coaxial cable (indicated by the heavy lines in
In typical applications WAN 401 operates with multiple channels using RF signals in the range of 50 to as high as 860 Mhz for downstream communications (i.e., from headend to terminal). Upstream communications (i.e., from terminal to headend) have a typical frequency range from 5 to 42 MHz.
LAN 426 commonly shares the portion of networking infrastructure installed at the building with WAN 401. More specifically, as shown in
In many applications, LAN 426 is arranged with the capability for operating multiple RF channels in the range of 800-1550 MHz, with a typical operating range of 1 to 1.5 GHz. LAN 426 is generally arranged as an IP (Internet protocol) network. Other networks operating at other RF frequencies may optionally use portions of the LAN 426 and WAN 401 infrastructure. For example, a broadband internet access network using a cable modem (not shown), voice over internet protocol (“VOIP”) network, and/or out of band (“OOB”) control signaling and messaging network functionalities are commonly operated on LAN 426 in many applications.
A variety of terminal devices 5501-8 are coupled to LAN 526 in this illustrative example. A multimedia server 5501 is coupled to LAN 526. Multimedia server 5501 is arranged using an STB with integrated networkable DVR 531. Alternatively, multimedia server 5501 is arranged from devices such as personal computers, media jukeboxes, audio/visual file servers, and other devices that can store and serve multimedia content over LAN 526. Multimedia server 5501 is further coupled to a television 551.
Client STB 5502 is another example of a terminal that is coupled to LAN 526 and WAN 505. Client STB 5502 is arranged to receive multimedia content over WAN 505 which is played on the coupled HDTV 553. Client STB 5502 is also arranged to communicate with other terminals on LAN 526, including for example multimedia server 550, in order to access content stored on the DVR 531. Thus, for example, a high definition PPV movie that is recorded on DVR 531 in multimedia server 5501, located in the living room of the home, can be watched on the HDTV 553 in the home's family room.
Wireless access point 5503 allows network services and content from WAN 505 and LAN 526 to be accessed and shared with wireless devices such as laptop computer 555 and webpad 558. Such devices with wireless communications capabilities (implemented, for example, using the Institute of Electrical and Electronics Engineers IEEE 802.11 wireless communications protocols) are commonly used in many home networking applications. Thus, for example, photographs stored on DVR 531 can be accessed on webpad 558 that is located in the kitchen of the home over LAN 526.
Digital media adapter 5504 allows network services and content from WAN 505 and LAN 526 to be accessed and shared with media players such as home entertainment centers or stereo 562. Digital media adapter 5504 is typically configured to take content stored and transmitted in a digital format and convert it into an analog signal. For example, a streaming internet radio broadcast received from WAN 505 and recorded on DVR 531 is accessible for play on stereo 562 in the home's master bedroom.
WMA/MP3 audio client 5505 is an example of a class of devices that can access digital data directly without the use of external digital to analog conversion. WMA/MP3 client 5505 is a music player that supports the common Windows Media Audio digital file format and/or the Moving Picture Expert Group (“MPEG”) Audio Layer 3 digital file format, for example. WMA/MP3 audio client 5505 might be located in a child's room in the home to listen to a music channel supplied over WAN 505 or to access an MP3 music library that is stored on DVR 531 using LAN 526.
A personal computer, PC 5506 (which is optionally arranged as a media center-type PC typically having one or more DVD drives, a large capacity hard disk drive, and high resolution graphics adapter) is coupled to WAN 505 and LAN 526 to access and play streamed or stored media content on coupled display device 565 such as a flat panel monitor. PC 5506, which for example is located in an office/den in the home, may thus access recorded content, such as a television show, on DVR 53 land watch it on the display device 565. In alternative arrangements, PC 5506 is used as a multimedia server having similar content sharing functionalities and features as multimedia server 5501 which is described above.
A game console 5507 and coupled television 569, as might be found in a child's room, is also coupled to WAN 505 and LAN 526 to receive streaming and stored media content, respectively. Many current game consoles play game content as well as media content such as video and music. Online internet access is also used in many settings to enable multi-player network game sessions.
Thin client STB 5508 couples a television 574 to WAN 505 and LAN 526. Thin client STB 5508 is an example of a class of STBs that feature basic functionality, usually enough to handle common EPG and VOD/PPV functions. Such devices tend to have lower powered central processing units and less random access memory than thick client STBs such as multimedia server 5501 above. Thin client STB 5508 is, however, configured with sufficient resources to host a user interface that enables a user to browse, select, and play content stored on DVR 531 in multimedia server 5501. Such user interface is configured, in this illustrative example, using an EPG-like interface that allows remotely stored content to be accessed and controlled just as if content was originated to thin client STB 5508 from its own integrated DVR. That is, the common DVR programming controls including picking a program from the recorded library, playing it, using fast forward or fast back, and pause are supported by the user interface hosted on thin client STB 5508 in a transparent manner for the user.
Thin client STB 5508 hosts GUI 620 with which the user interacts using remote control 629. As shown, GUI 620 displays the same content and controls as GUI 610. Content selected by the user for consumption on television 574 is shared over LAN 526.
Controller 719 also includes an output interface 728 that is operatively coupled to a switch 729 (that typically includes multiplexer and/or modulator functionality) that modulates programming content 730 from sources 204 (
A plurality of terminals including a server terminal 732 and client terminals 7351 to 735N are disposed in subscriber household 730. Server terminal 732 is alternatively arranged with similar features and functions as multimedia server 529 (
Billing system interface 722 is arranged to receive data from a billing system 743 that is disposed in the network headend 705. Billing system 743 is generally implemented as a computerized, automated billing system that is connected to the outgoing TAI server, among other elements, at the network headend 705. Billing system 743 readily facilitates the various programming and service options and configurations available to subscribers which typically results, for example, in the generation of different monthly billing for each subscriber. Data describing each subscriber, and the programming and service options associated therewith, are stored in a subscriber database 745 that is operatively coupled to the billing system 743.
Service orders from the subscribers are indicated by block 747 in
An API 820 is resident in architecture 805 in a layer between the applications 812 and the STB firmware 825 which functions as an intermediary between these components. Thus, API 820 is used to pass input parameters, requests and/or other information and data between applications 812 and firmware 825. Below the firmware 825 in architecture 805 is a layer of STB hardware 828. Hardware 828 includes a NIM 832 along with other hardware 840 including, for example, interfaces, peripherals, ports, a CPU (central processing unit), MPEG decoder, memory, and various other components that are commonly utilized to provide conventional STB features and functions.
The second step 902 includes delivering the unique HHH from the billing system 743 to the controller 719 using, for example, the Wirelink Protocol. The third step 903 includes preparing the TAI for delivery. Step 903 optionally includes translating the HHH received from the billing system 743 into a different value or format, for example, using a CRC32 (cyclic redundancy check), MD5 (Message Digest 5), or SHA-1 (Secure Hash Algorithm) hashing algorithm.
The fourth step 904 includes delivering the TAI to the STB 805 (although a single STB 805 is shown in
The DCT MSP configuration message is embodied with a subcommand ID which supports a terminal association identifier field which is used to carry the TAI. The terminal_association_config subcommand specifies a terminal's association configuration to thereby associate the terminal with other terminals within a service The terminal_assoc_control is a 32-bit value bit-mask type used to control how the terminal association identifier included in the DCT MSP configuration message can be utilized by the receiving terminal. This field is initially a reserved value that is set to a default of 0.The terminal_assoc_identifier is a 160-bit value used to associate a particular terminal with other terminals on the same service subscriber's account.
The fifth step 905 in
At block 1040, application 812 uses the returned hash value to create a PIN value. The PIN value is passed to STB firmware 825 to thereby set the PIN (as indicated by reference numeral 1045) which is used by STB hardware 828 to enable network privacy (as indicated by reference numeral 1050). In alternative examples, applications running on STB 805 may use the returned hash value for other purposes beyond creating a PIN to enable network security, for example, where unique and secure identification or association is required to be recreated at each terminal among a set of terminals in a subscriber household.
If, at decision block 1025, the STB has not been received and stored a TAI, then the application 812 is optionally arranged to display a user interface, as indicated by reference numeral 1065 which prompts a user 1060 to manually enter a PIN value. The User PIN is returned to the application in lieu of the unique application identifier as indicated by reference numeral 1070.
In this illustrative example, the messages are conveyed as MAC (media access control) sublayer messages which are transported in the data link layer of the OSI (Open Systems Interconnection) model on the IP network which operates on LAN 926. Client terminal 550N sends an authentication request message 1110 to server terminal 5501. Client terminal 550N sends the authentication request when looking to join (i.e., gain access to) LAN 526 to thereby consume stored content (such as programming recorded on the DVR disposed in the server terminal). In response to the authentication request, server terminal 5501 generates a random number as indicated by reference numeral 1115. The random number is used to create a challenge message 1120 which is sent back to client terminal 550N.
As indicated by reference numeral 1122 in
As indicated by reference numeral 1131 in
Each of the processes shown in the figures and described in the accompanying text may be implemented in a general, multi-purpose or single purpose processor. Such a processor will execute instructions, either at the assembly, compiled, or machine-level to perform that process. Those instructions can be written by one of ordinary skill in the art following the description herein and stored or transmitted on a computer readable medium. The instructions may also be created using source code or any other known computer-aided design tool. A computer readable medium may be any medium capable of carrying those instructions and includes a CD-ROM, DVD, magnetic or other optical disc, tape, silicon memory (e.g., removable, non-removable, volatile or non-volatile), packetized or non-packetized wireline or wireless transmission signals.
Claims
1. A network controller disposed at a headend of a wide area network that provides a service to a plurality of terminals coupled to the wide area network, comprising:
- a billing system interface arranged to receive, from a billing system, a household identifier for identifying one or more terminals in the plurality of terminals that are associated with a subscriber account with the service; and
- a terminal association identifier server arranged to transmit a terminal association identifier over the wide area network, responsively to the household identifier, to the identified one or more subscriber terminals so that the identified one or more terminals are commonly associated with the subscriber account.
2. The network controller of claim 1 in which the service comprises a home networking service that supports sharing of media content among the identified one or more terminals over the local area network.
3. The network controller of claim 2 in which the home networking service is selected from one of whole home or multi-room DVR.
4. The network controller of claim 2 in which the home networking service is a MoCA (Multimedia over Coax Alliance) networking service.
5. The network controller of claim 1 in which the terminal association identifier is generated by applying a hashing algorithm to the household identifier.
6. The network controller of claim 5 in which the hashing algorithm is selected from one of CRC32, MD5, or SHA-1.
7. The network controller of claim 1 in which the billing system data is used to identify one or more terminals for receiving discrete media content ordered by the subscriber.
8. The network controller of claim 1 in which the wide area network supports an in-band signal path and an out-of-band signal path and the terminal association identifier is carried in the out-of-band signal path as an MSP message.
9. A terminal device, comprising:
- one or more processors;
- a network interface for receiving a terminal association identifier from a controller over a wide area network; and
- a memory for storing a) the terminal association identifier received from the wide area network b) instructions which, when executed by the one or more processors, implement an application, and c) instructions which, when executed by the one or more processors implement an application programming interface for generating, using the terminal association identifier, a unique application identifier that is passed to the application.
10. The terminal device of claim 9 in which the application is arranged for generating, from the unique application identifier, a commonly utilized PIN that enables media content to be securely shared among one or more other terminal devices over a local area network.
11. The terminal device of claim 9 in which the terminal association identifier is not exposed to the application.
12. The terminal device of claim 9 in which the application programming interface is arranged to receive an input parameter from the application, the input parameter being concatenated with the terminal association identifier.
13. The terminal device of claim 12 in which the concatenated input parameter and terminal association identifier are input to a hashing algorithm.
14. The terminal device of claim 9 in which the memory is a hard disk drive that is shared with a DVR.
15. The terminal device of claim 14 in which the network interface is further arranged to receive multimedia content that is selected from one of video, music, pictures, or data, selected portions of the received multimedia content being stored on the DVR.
16. The terminal device of claim 9 in which the application is arranged for providing a user interface to receive a PIN from a user.
17. The terminal device of claim 9 in which the one or more processors, network interface, and memory are substantially incorporated in one of set top box, personal computer, DVR, PVR, whole home DVR, multi-room DVR, or networkable client device.
18. The terminal device of claim 10 in which the other terminal devices are selected from one of set top box, thick client set top box, thin client set top box, personal computer, portable media player, wireless access point, game console, digital media adapter, multimedia server, or audio client.
19. A method for associating terminal devices with a common subscriber account, the method comprising:
- identifying a set of one or more terminal devices that are associated with a subscriber account with a media content delivery service;
- generating a household identifier to uniquely identify the set of one or more associated terminal devices; and
- transmitting the household identifier to a controller disposed on a wide area network to which the one or more associated terminals are coupled.
20. The method of claim 19 in which the method is performed by a business system server that is operatively coupled to the controller.
21. The method of claim 19 in which the household identifier is a household handle comprising a 20 byte field in the Digital Wirelink Protocol.
22. The method of claim 20 in which the business system server is coupled to a business system database, the business system database containing subscriber data including identifying information for at least one of the one or more terminal devices.
23. The method of claim 22 in which the identifying information is selected from one of serial number, ID number, unit address, or MAC address.
Type: Application
Filed: Dec 28, 2006
Publication Date: Jan 10, 2008
Applicant: GENERAL INSTRUMENT CORPORATION (Horsham, PA)
Inventor: Robert C. Booth (Ivyland, PA)
Application Number: 11/616,946
International Classification: H04N 7/16 (20060101);